CA Technologies and Ponemon Institute Cloud Security Study Shows Improved Practices, but is Fifty Percent a Passing Grade?

  CA Technologies and Ponemon Institute Cloud Security Study Shows Improved
  Practices, but is Fifty Percent a Passing Grade?

New ‘Security of Cloud Computing Users 2013’ Study Confirms Conflicting Views
                       on Cloud Security Responsibility

Business Wire

ISLANDIA, N.Y. & TRAVERSE CITY, Mich. -- March 5, 2013

CA Technologies (NASDAQ: CA) and the Ponemon Institute, an independent
research firm, today released “Security of Cloud Computing Users 2013,” a
study commissioned by CA Technologies that shows companies have improved their
practices around cloud computing security compared to a previous study from
2010. Still, the responses raise questions and concerns about organizations’
use of security best practices and their awareness of cloud services used
within their organizations. It also confirms there are conflicting views on
who is most responsible for cloud security.

Comparing the two studies reveals that organizations today are more confident
in the security of cloud computing and have put in place better security
practices around cloud use. Still, affirmative responses were only around half
(50 percent) for questions involving cloud security best practices, confidence
in cloud services and knowledge of the cloud services in use within an

“While cloud computing is still one of the most disruptive and promising
trends of the past decade, our study shows that cloud security struggles to
get past a grade of 50 percent when it comes to best practices, including the
percentage of organizations that say they engage their security teams in
determining the use of cloud services,” said Mike Denning, general manager,
Security, CA Technologies. “We believe that organizations can do better and
gain the benefits of cloud computing by reducing risk and achieving that
desired balance of protection and business enablement.”

The study provided several key insights:

  *Cloud confidence and best practices are improving but further progress can
    be made. Positive survey responses only hovered around half (50 percent)
    for any given question around cloud security best practices, such as
    vetting services for security risk, engaging the security team in
    determining cloud service use and assessing how a cloud service could
    impact data security. In addition, while this statistic improved by five
    percent from the 2010 survey, only 50 percent of organizations are
    confident they know all the cloud services in use within their
  *Responsibility for cloud security is mixed with a bias toward end users
    and IT Security getting a pass. The survey shows a concerning lack of
    agreement remains regarding who has responsibility for cloud security.
    While some organizations expect their cloud services providers to ensure
    the security of SaaS and IaaS applications (36 percent and 22 percent,
    respectively), a significant amount of the responsibility is assigned to
    companies’ end-users (31 percent for SaaS; 21 percent for IaaS), and very
    little responsibility was assigned to IT Security (eight percent for SaaS
    and 10 percent for IaaS). This relinquishment of responsibility points to
    a lack of clarity around ownership, which may lead to gaps in security
    processes and governance.
  *Users prefer hybrid identity and access management (IAM) security
    solutions. Sixty-four percent of survey respondents would prefer a hybrid
    IAM implementation that supports both on-premise and cloud-based

“Confidence in and best practices for the security of cloud computing is
improving but not as significantly as one might have expected since our 2010
study,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Our
latest study offers organizations new data that should spark them to examine
their own internal practices which could result in improvements in how they
adopt and secure cloud services and applications.”

Additional Resources

  *Full report: Access the full Ponemon Research: 2013 Security of Cloud
    Computing Users Study
  *Highlights: View key takeaways in this infographic
  *(ISC)² Webcast: The State of Cloud Security 2013. Featuring speakers from
    Ponemon Institute and CSA
  *Blog: Cloud Security Improving But IT Leadership Lacking
  *Resource page: Who’s Minding Your Cloud? news, whitepapers, webcasts and

About the Study

The study was commissioned by CA Technologies and conducted by the Ponemon
Institute, an independent research firm specializing in privacy, data
protection and information security policy. It surveyed 748 IT and IT security
practitioners located in the United States. The majority of respondents (64
percent) were at the supervisor level or higher in their organizations with
total IT or data security experience averaging 10 years. The majority of
respondents self-reported they were responsible for setting priorities,
selecting vendors and contractors, and managing budgets. Seventy percent said
they worked in organizations with a headcount of more than 5,000 people. The
survey and analysis were completed at the end of 2012.

About CA Technologies

CA Technologies (NASDAQ: CA) provides IT management solutions that help
customers manage and secure complex IT environments to support agile business
services. Organizations leverage CA Technologies software and SaaS solutions
to accelerate innovation, transform infrastructure and secure data and
identities, from the data center to the cloud. Learn more about CA
Technologies at

Follow CA Technologies


Social Media Page

Press Releases

Legal Notices

Copyright © 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749.
All trademarks, trade names, service marks, and logos referenced herein belong
to their respective companies.


CA Technologies
Leanne Agurkis, 407-620-2136 (mobile)
Press spacebar to pause and continue. Press esc to stop.